CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-4077

HIGH
7.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile15.68th
Published2008年9月15日
Last Modified2026年4月23日

Vulnerability Description

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

Affected Platforms (CPE)

📦
Ledgersmb

Ledgersmb

< 1.2.15
📦
Sql Ledger

Sql Ledger

<= 2.8.17

References & Advisories

🔗 http://secunia.com/advisories/31843
🔗 http://securityreason.com/securityalert/4250
🔗 http://www.ledgersmb.org/node/70
🔗 http://www.securityfocus.com/archive/1/496181/100/0/threaded
🔗 http://www.securityfocus.com/bid/31109
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45033
🔗 http://secunia.com/advisories/31843
🔗 http://securityreason.com/securityalert/4250

相關漏洞威脅

CVE-2007-537210.0

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attack...

CVE-2007-390710.0

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perfor...

CVE-2007-132910.0

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitra...

CVE-2018-92469.8

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escape...